Tag Archive for: Researchers

Security Researchers Win Second Tesla At Pwn2Own


A team of French security researchers have won a Tesla Model 3 and $200,000 after finding a zero-day vulnerability in a vehicle’s electronic control unit (ECU).

The Synacktiv team were at the top of the leaderboard after one day of Pwn2Own Vancouver 2024, the latest hacking contest held by Trend Micro’s Zero Day Initiative (ZDI).

Little is known about the vulnerability, as all bugs discovered during the course of the competition are responsibly disclosed to the relevant vendor for patching. However, what we do know is that Synacktiv used a single integer overflow flaw to exploit a Tesla ECU with Vehicle (VEH) CAN BUS Control. This is the second car they’ve won in Pwn2Own competitions.


Day one of the contest saw the ZDI hand out $732,500 for 19 unique zero-day vulnerabilities, which will ultimately help the vendors participating in the competition make their products more secure.

Other highlights included Manfred Paul, who was awarded a total of $102,500 on the day after achieving remote code execution (RCE) on Apple Safari with an integer underflow bug and demonstrating a PAC bypass using a weakness in the same browser.

In round two of the contest, he executed a double-tap exploit on both Chrome and Edge browsers with a rare CWE-1284 “improper validation of specified quantity in input” vulnerability.

Just behind Paul on the Pwn2Own leaderboard is South Korean Team Theori, which earned $130,000 after chaining an uninitialized variable bug, a use-after-free (UAF) vulnerability and a heap-based buffer overflow to escape VMware Workstation and then execute code as SYSTEM on the host Windows OS.

Competitors in Vancouver yesterday also received prize money for finding zero-days in Adobe Reader, Windows 11, Ubuntu Linux and Oracle VirtualBox.

A total of $1.3m is up for grabs in cash and prizes across the three-day event.


Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack


Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.

Cybersecurity giant Mandiant said in a post on Friday that it has “identified mass exploitation” of the two flaws in ConnectWise ScreenConnect, a popular remote access tool that allows IT staff and technicians to provide technical support directly on customer systems over the internet.

The two vulnerabilities comprise CVE-2024-1709, an authentication bypass vulnerability that researchers deemed “embarrassingly easy” for attackers to exploit, and CVE-2024-1708, a path-traversal vulnerability that allows hackers to remotely plant malicious code, such as malware, on vulnerable ConnectWise customer instances.

ConnectWise first disclosed the flaws on February 19 and urged on-premises customers to install security patches immediately. However, thousands of servers remain vulnerable, according to data from the Shadowserver Foundation, and each of these servers can manage up to 150,000 customer devices.

Mandiant said it had identified “various threat actors” exploiting the two flaws and warned that “many of them will deploy ransomware and conduct multifaceted extortion,” but did not attribute the attacks to specific threat groups.

Finnish cybersecurity firm WithSecure said in a blog post Monday that its researchers have also observed “en-mass exploitation” of the ScreenConnect flaws from multiple threat actors. WithSecure said these hackers are exploiting the vulnerabilities to deploy password stealers, back doors, and in some cases ransomware.

WithSecure said it also observed hackers exploiting the flaws to deploy a Windows variant of the KrustyLoader back door on unpatched ScreenConnect systems, the same kind of back door planted by hackers recently exploiting vulnerabilities in Ivanti’s corporate VPN software. WithSecure said it could not yet attribute the activity to a particular threat group, though others have linked the past activity to a China-backed hacking group focused…


Millions of hacked toothbrushes could be used in cyber attack, researchers warn


Security researchers have warned that millions of hacked toothbrushes could, in theory, be used in a massive cyber attack.

Internet-connected toothbrushes could be linked together in something known as a botnet, which would allow them to perform a distributed denial of service (DDoS) attack that overloads websites and servers with huge amounts of web traffic.

Major websites could be knocked offline as a result of such an attack, resulting in millions of dollars of lost revenue, according to Swiss newspaper Aargauer Zeitung, which first reported the threat.

The issue was initially reported as an actual incident, but Fortinet has since clarified to The Independent that it was a hypothetical scenario.

“The topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs,” a spokesperson said.

“It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.”

Fortinet warned of the dangers of smart devices, which can include web cams, baby monitors, doorbells and domestic appliances.

“Every device that is connected to the Internet is a potential target – or can be misused for an attack,” said Stefan Züger, head of system technology at Fortinet Switzerland. Mr Züger advised owners of smart technologies to take measures to protect themselves.

“Otherwise, sooner or later you will become a victim – or your own device will be misused for attacks,” he said.

The growing trend of internet-connected and AI-enabled devices was on display at the CES tech conference in Las Vegas last month, with everything from pillows to mirrors now embedded with the technology.

The continued rise in popularity of such devices has coincided with fresh security concerns about the risks they may pose if protections are not put in place.

A recent report from network performance firm Netscout noted an “unprecedented growth” in malicious botnets, with activity doubling in January.


Researchers Uncover Major Surge in Global Botnet Activity


Security researchers have discovered a significant increase in global botnet activity between December 2023 and the first week of January 2024, with spikes observed exceeding one million devices.

Writing in an advisory published on Friday, Netscout ASERT explained that, on a typical day, approximately 10,000 such devices engaged in malicious reconnaissance scanning last year, with a high watermark of 20,000 devices. 

However, on December 8 2023, this number surged to 35,144 devices, signaling a notable departure from the norm.

According to the technical write-up, the situation escalated on December 20, with another spike reaching 43,194 distinct devices. Subsequent spikes, occurring at shorter intervals, culminated in a record-breaking surge on December 29 involving 143,957 devices, more than fourteen times the typical daily count and roughly seven times the previous high watermark.

Disturbingly, this heightened activity persisted, with high watermarks fluctuating between 50,000 and 100,000 devices.

As the new year unfolded, the scale of the threat became even more pronounced, with January 5 and 6 witnessing spikes exceeding one million distinct devices each day – 1,294,416 and 1,134,999, respectively. A subsequent spike of 192,916 on January 8 affirmed the sustained intensity of this cyber onslaught.


Further analysis revealed that this surge emanated from five key countries: the United States, China, Vietnam, Taiwan and Russia. 

“Analysis of the activity has uncovered a rise in the use of cheap or free cloud and hosting servers that attackers are using to create botnet launch pads,” Netscout wrote. “These servers are used via trials, free accounts or low-cost accounts, which provide anonymity and minimal overhead to maintain.”

Adversaries utilizing these new botnets focused on scanning internet-facing hosts on a small set of ports, particularly 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808 and 8888. Additionally, signs of potential email server exploits surfaced through increased scanning of ports 636, 993 and 6002.
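The two things a defender would want to reproduce from this advisory are the baseline-versus-spike comparison (a typical day of about 10,000 distinct scanning sources against days of 35,000 or more) and the per-port breakdown of who is knocking. The following is an added example, not Netscout's code or data: it runs a distinct-source-per-day counter over constructed flow records, flags days whose count exceeds a multiple of the median of the preceding week, and breaks a flagged day down by the ports the advisory names. The sample records, the hypothetical source ranges (198.51.100.0/24 and 203.0.113.0/24) and the threshold multiplier are all assumptions chosen for illustration.

```python
"""Surge detection over reconnaissance-scan records (added example)."""
from collections import defaultdict
from statistics import median

# Ports the advisory lists as the focus of the new botnets' scanning, plus the
# three it associates with possible email-server exploitation.
WEB_AND_REMOTE_PORTS = {80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808, 8888}
MAIL_PORTS = {636, 993, 6002}
WATCHED_PORTS = WEB_AND_REMOTE_PORTS | MAIL_PORTS


def build_sample_scans():
    """Constructed flow records (date, src_ip, dst_port); not real telemetry.

    Seven quiet days with 12 scanners each (every scanner also probes port 22,
    which must not double-count it), then one day on which 70 distinct hosts
    from a hypothetical cheap-hosting range hammer port 8080 and a few of
    them also try IMAPS.
    """
    records = []
    for day in range(1, 8):
        date = f"2023-12-{day:02d}"
        for i in range(12):
            src = f"198.51.100.{i + 1}"
            records.append((date, src, 80 if i % 2 else 443))
            records.append((date, src, 22))
    spike_date = "2023-12-08"
    for i in range(70):
        records.append((spike_date, f"203.0.113.{i + 1}", 8080))
    for i in range(5):
        records.append((spike_date, f"203.0.113.{i + 1}", 993))
    return records


def distinct_scanners_per_day(records):
    """Count distinct source addresses per day, regardless of how many ports each hit."""
    seen = defaultdict(set)
    for date, src, _port in records:
        seen[date].add(src)
    return {d: len(s) for d, s in sorted(seen.items())}


def flag_surges(daily_counts, multiplier=3.0, window=7):
    """Flag days whose distinct-source count exceeds `multiplier` times the
    median of the previous `window` days.

    A multiplier of 3.0 is an assumed tuning: the first departure the advisory
    reports (35,144 against a typical 10,000) would be roughly 3.5x.
    Returns a list of (date, count, baseline, ratio) for flagged days.
    """
    dates = sorted(daily_counts)
    flagged = []
    for i, date in enumerate(dates):
        prior = [daily_counts[d] for d in dates[max(0, i - window):i]]
        if not prior:  # no history yet, nothing to compare against
            continue
        baseline = median(prior)
        ratio = daily_counts[date] / baseline
        if ratio > multiplier:
            flagged.append((date, daily_counts[date], baseline, round(ratio, 1)))
    return flagged


def port_breakdown(records, date):
    """Distinct sources per watched port on one day; unwatched ports are
    grouped under 'other'. Sorted with the busiest port first."""
    per_port = defaultdict(set)
    for d, src, port in records:
        if d != date:
            continue
        key = port if port in WATCHED_PORTS else "other"
        per_port[key].add(src)
    ordered = sorted(per_port.items(), key=lambda kv: -len(kv[1]))
    return {k: len(v) for k, v in ordered}


if __name__ == "__main__":
    scans = build_sample_scans()
    counts = distinct_scanners_per_day(scans)
    for date, count, baseline, ratio in flag_surges(counts):
        print(f"{date}: {count} distinct sources ({ratio}x the {baseline} baseline)")
        print("  by port:", port_breakdown(scans, date))
```

Counting distinct sources rather than raw probes is what makes the baseline stable: a single noisy host that sweeps ten ports still counts once, so a jump in the daily figure means new devices have joined the scanning, which is the signal the advisory is describing. A median baseline also resists being dragged upward by the first spike, so the later, larger spikes still stand out against the quiet days.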

“These consistently elevated levels indicate a new weaponization of the cloud against the global internet,” reads the…
